31c2debcab961433ad7d3be42a051306a3b0aa28ba2f4f64c7b4509666e0ceca

Analysis

max time kernel
844s
max time network
859s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/06/2024, 14:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

b97ad890edda441494b11b8933dadfd9
SHA1

41b3b99debbd6a90e6c19a9790e6a116989ca258
SHA256

31c2debcab961433ad7d3be42a051306a3b0aa28ba2f4f64c7b4509666e0ceca
SHA512

3d62a276b2dfd69053a777ff9710429d6483df3595354bc4cb9206543bd8064009514090821cad78e311aaaa82343be31cc4faa3056ecd32abb5284f9694bece
SSDEEP

384:mj8afrAspY1ocy4y4lbGa4BvhpN4gmYYK2f62oY0io5/f89HExCJUrI:Bp1ocy4pEaUJpNtmI2oY0io5XCExXrI

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4740	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
5964	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
529	raw.githubusercontent.com
530	raw.githubusercontent.com
531	raw.githubusercontent.com
532	raw.githubusercontent.com
533	raw.githubusercontent.com
534	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 40 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	Taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640608820058418"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{4BE62E8E-7ADB-4379-A3B9-0D0AC39195BA} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "25"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3ed9e82c6dc9da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bc3657466dc9da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cef8a19b6bc9da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c3fc25106dc9da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "601"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\MEMZ(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
824	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
5656	MEMZ.exe
5756	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5656	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
5656	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5756	MEMZ.exe
5620	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5168	MEMZ.exe
824	MEMZ.exe
5656	MEMZ.exe
5756	MEMZ.exe

Suspicious behavior: MapViewOfSection 49 IoCs

pid	Process
3336	MicrosoftEdgeCP.exe
3336	MicrosoftEdgeCP.exe
3336	MicrosoftEdgeCP.exe
3336	MicrosoftEdgeCP.exe
3188	MicrosoftEdgeCP.exe
3188	MicrosoftEdgeCP.exe
3188	MicrosoftEdgeCP.exe
3188	MicrosoftEdgeCP.exe
5572	MicrosoftEdgeCP.exe
5572	MicrosoftEdgeCP.exe
5572	MicrosoftEdgeCP.exe
5572	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
4324	MicrosoftEdgeCP.exe
4324	MicrosoftEdgeCP.exe
4324	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
8620	MicrosoftEdgeCP.exe
8620	MicrosoftEdgeCP.exe
8620	MicrosoftEdgeCP.exe
8620	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	520	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	520	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	520	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4896	MicrosoftEdge.exe
Token: SeDebugPrivilege	4896	MicrosoftEdge.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: 33	5280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5280	AUDIODG.EXE
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe
Token: SeShutdownPrivilege	5364	chrome.exe
Token: SeCreatePagefilePrivilege	5364	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
5856	taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe
4972	Taskmgr.exe

Suspicious use of SetWindowsHookEx 61 IoCs

pid	Process
4896	MicrosoftEdge.exe
3336	MicrosoftEdgeCP.exe
4564	MicrosoftEdgeCP.exe
3336	MicrosoftEdgeCP.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
2084	MicrosoftEdge.exe
3188	MicrosoftEdgeCP.exe
3188	MicrosoftEdgeCP.exe
2320	MicrosoftEdge.exe
5572	MicrosoftEdgeCP.exe
5572	MicrosoftEdgeCP.exe
4376	MicrosoftEdge.exe
1032	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
5324	MicrosoftEdge.exe
4324	MicrosoftEdgeCP.exe
4324	MicrosoftEdgeCP.exe
1348	MicrosoftEdge.exe
3600	MicrosoftEdgeCP.exe
3600	MicrosoftEdgeCP.exe
1840	MicrosoftEdgeCP.exe
5964	MEMZ.exe
5964	MEMZ.exe
10056	MicrosoftEdge.exe
8620	MicrosoftEdgeCP.exe
8620	MicrosoftEdgeCP.exe
5964	MEMZ.exe
9388	MicrosoftEdge.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
5964	MEMZ.exe
6452	MicrosoftEdge.exe
7176	MicrosoftEdgeCP.exe
7176	MicrosoftEdgeCP.exe
5964	MEMZ.exe
9356	wordpad.exe
9356	wordpad.exe
9356	wordpad.exe
9356	wordpad.exe
9356	wordpad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 3336 wrote to memory of 520	3336	MicrosoftEdgeCP.exe	78
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 4824 wrote to memory of 1372	4824	firefox.exe	81
PID 1372 wrote to memory of 1920	1372	firefox.exe	82
PID 1372 wrote to memory of 1920	1372	firefox.exe	82
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83
PID 1372 wrote to memory of 1516	1372	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
PID:204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4564

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.0.439898662\658683729" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1500 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff47197d-13a8-424b-8596-e901f849bd6e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 1828 1b389ad0358 gpu
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.1.1797164605\861199195" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae73a626-1a37-40e7-88ad-9c683860e28e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2184 1b3897fa158 socket
    3⤵
    - Checks processor information in registry
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.2.1180887843\1327029995" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2780 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17aaaab6-76fa-4276-a3e3-36e9953ae4c7} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2988 1b389a59a58 tab
    3⤵
    PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.3.256083583\1152965191" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cb1f51e-075d-4a11-9f6c-cf642aee87b5} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3596 1b38c796c58 tab
    3⤵
    PID:364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.4.890832050\962946520" -childID 3 -isForBrowser -prefsHandle 4356 -prefMapHandle 3716 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70afafd0-2b41-45d1-a109-ad60e36cf739} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4316 1b38f9ab058 tab
    3⤵
    PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.5.1495026462\1730230381" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4816 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88cc4803-02e9-4567-a902-fcbb6a8c974d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4800 1b390108158 tab
    3⤵
    PID:2580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.6.1677103697\2121620056" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7d19977-3bff-4113-b207-3c1790dbc15b} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4836 1b390109058 tab
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.7.636949396\754828780" -childID 6 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3db8962-505f-49ac-a08b-a652ed7978f1} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5148 1b390109658 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.8.320134674\94822794" -childID 7 -isForBrowser -prefsHandle 4604 -prefMapHandle 4580 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fde31f8-923c-46cf-ba5d-f4dd99b6c822} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5380 1b389c58a58 tab
    3⤵
    PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.9.438946962\1129130345" -childID 8 -isForBrowser -prefsHandle 4908 -prefMapHandle 4884 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8354034-5080-4549-b3ba-bf2115df7f5b} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4892 1b389c5a258 tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.10.2103879009\858711052" -childID 9 -isForBrowser -prefsHandle 5636 -prefMapHandle 5700 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c94f55-e86a-47f9-82dd-3464b514026d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5696 1b390107558 tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.11.1018566380\676396131" -childID 10 -isForBrowser -prefsHandle 5744 -prefMapHandle 5756 -prefsLen 27507 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c676ce2a-cdf7-4905-84a7-eed691466940} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5732 1b390d45b58 tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.12.758712738\1782872464" -childID 11 -isForBrowser -prefsHandle 5092 -prefMapHandle 5124 -prefsLen 27516 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2574403-b8b0-49d9-861c-4da80fe8c9aa} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 1716 1b389c30458 tab
    3⤵
    PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.13.1079607901\2143413271" -childID 12 -isForBrowser -prefsHandle 10372 -prefMapHandle 5100 -prefsLen 27516 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39c94934-9e88-4932-b702-9bb6a116c122} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10364 1b394725858 tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.14.2030493610\330655118" -childID 13 -isForBrowser -prefsHandle 5712 -prefMapHandle 5784 -prefsLen 27516 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb1d2b73-ffec-4d61-8045-d4d34f04a9b8} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5788 1b394722558 tab
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.15.1120134740\425981087" -childID 14 -isForBrowser -prefsHandle 1520 -prefMapHandle 5696 -prefsLen 27516 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {971fef4b-27dd-4227-8f27-b9207c4004e7} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6404 1b394109358 tab
    3⤵
    PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.16.1682665656\348177768" -childID 15 -isForBrowser -prefsHandle 10352 -prefMapHandle 10356 -prefsLen 27516 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c3596e-4a37-4778-8767-6f1fc7b9b1cf} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10260 1b389cb6c58 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.17.157635914\983428990" -childID 16 -isForBrowser -prefsHandle 10224 -prefMapHandle 10220 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb8085e-79b3-4a1a-92f6-732d8e87252e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10336 1b39446b158 tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.18.1532349998\356814620" -parentBuildID 20221007134813 -prefsHandle 4936 -prefMapHandle 5488 -prefsLen 27556 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d7106a8-3b9d-4334-9525-a6b4565f382e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4872 1b39468e558 rdd
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.19.1571836688\1039121221" -childID 17 -isForBrowser -prefsHandle 6232 -prefMapHandle 6248 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfdc8308-abae-4c35-b358-0e7cf18f434b} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6220 1b3946e5f58 tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.20.1404492475\1849691377" -childID 18 -isForBrowser -prefsHandle 9932 -prefMapHandle 9936 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dedf208-a6a9-4322-8ed4-36f3eea8e0ca} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9968 1b394a51258 tab
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.21.1834305655\1250822134" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5280 -prefMapHandle 5296 -prefsLen 27556 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bf5c494-768a-4f75-8968-f9976e484e58} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5144 1b390dbb458 utility
    3⤵
    PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.22.109841921\1431692776" -childID 19 -isForBrowser -prefsHandle 9932 -prefMapHandle 10364 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc315ea7-f21c-4f71-b11e-88d69908eba3} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9684 1b390dbba58 tab
    3⤵
    PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.23.790817362\1842300024" -childID 20 -isForBrowser -prefsHandle 9544 -prefMapHandle 9540 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e8a8754-1cea-4e03-88e7-de6c22b1e494} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9552 1b394d91958 tab
    3⤵
    PID:3996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.24.243636662\1469853577" -childID 21 -isForBrowser -prefsHandle 9784 -prefMapHandle 9792 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ae2c798-e0bb-42c2-b4fb-d3867b878fca} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9756 1b3923e2b58 tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.25.223222563\1913664085" -childID 22 -isForBrowser -prefsHandle 3724 -prefMapHandle 10400 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15adef4a-fc37-415f-8b38-6c63dd36a50f} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5020 1b3923e5b58 tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.26.105318430\2078575562" -childID 23 -isForBrowser -prefsHandle 9520 -prefMapHandle 6232 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf3dca65-bb67-45fe-b74d-9c5932439f70} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10088 1b395224458 tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.27.308757033\1067514381" -childID 24 -isForBrowser -prefsHandle 9608 -prefMapHandle 9620 -prefsLen 27556 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {412115e8-9900-4b43-8d9d-b347a226ad25} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9248 1b395424c58 tab
    3⤵
    PID:3612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.28.354829379\1311891586" -childID 25 -isForBrowser -prefsHandle 5236 -prefMapHandle 6368 -prefsLen 27628 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dac5963-dffb-4923-a47f-76cdfe2e36f5} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5948 1b393798658 tab
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.29.1828738656\1147716684" -childID 26 -isForBrowser -prefsHandle 10276 -prefMapHandle 10256 -prefsLen 27637 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c856da6-6728-4498-8404-162c601e500f} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10284 1b3906ddf58 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.30.1783137108\512953796" -childID 27 -isForBrowser -prefsHandle 9264 -prefMapHandle 10276 -prefsLen 27637 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6903640b-e0b2-4b6c-9156-ae43f6d367ce} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10284 1b390dbcf58 tab
    3⤵
    PID:1000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.31.1237663006\1484387128" -childID 28 -isForBrowser -prefsHandle 9828 -prefMapHandle 10088 -prefsLen 27637 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9540f3ba-87ee-4f06-9b00-c84357c148a0} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6068 1b390d5fe58 tab
    3⤵
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.32.202926988\2027048400" -childID 29 -isForBrowser -prefsHandle 3304 -prefMapHandle 5100 -prefsLen 27637 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4dfbac2-9787-496f-8cc7-0b2da485157c} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10160 1b395449058 tab
    3⤵
    PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.33.1105726268\1010673153" -childID 30 -isForBrowser -prefsHandle 6372 -prefMapHandle 10072 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5e51618-c494-4e7f-902c-4c9d04e2654d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9120 1b395b65f58 tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.34.387322921\1127684348" -childID 31 -isForBrowser -prefsHandle 4824 -prefMapHandle 10016 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f5d4ff4-0faa-4f57-bd3f-c78a36af3925} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9212 1b39526e558 tab
    3⤵
    PID:796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.35.833996864\1003025313" -childID 32 -isForBrowser -prefsHandle 9796 -prefMapHandle 10072 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {075706ff-0f01-46a8-87b1-c178b929901c} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5692 1b3897fc858 tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.36.1709991537\1866161784" -childID 33 -isForBrowser -prefsHandle 9160 -prefMapHandle 9804 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efd44d67-b78e-4e7b-9603-e28289ddeac5} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9340 1b390d5e658 tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.37.480554485\37678210" -childID 34 -isForBrowser -prefsHandle 1640 -prefMapHandle 1572 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65232d69-48bf-4470-a6f8-a4565da66bc8} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4952 1b38fc7ad58 tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.38.1606746394\1402552329" -childID 35 -isForBrowser -prefsHandle 10368 -prefMapHandle 6068 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a293f84-72c6-4bbb-b23a-db50d399189a} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 9600 1b390109958 tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.39.391669653\894440899" -childID 36 -isForBrowser -prefsHandle 5892 -prefMapHandle 4532 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca8ca16-78d5-41ef-a2d2-11c27181aea3} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5764 1b393799258 tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.40.1512242346\1624148041" -childID 37 -isForBrowser -prefsHandle 6040 -prefMapHandle 5720 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d08d7fc-089f-40a0-9c81-77007da0628a} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5892 1b390d3bd58 tab
    3⤵
    PID:5504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.41.839257072\685883463" -childID 38 -isForBrowser -prefsHandle 5096 -prefMapHandle 5984 -prefsLen 27646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cb11802-0c0c-4561-8803-796e9129f776} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10160 1b390d3d858 tab
    3⤵
    PID:5596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5280

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4324

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:4740
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5620
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5656
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5168
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:5964
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:5960
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:4272
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4972
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:3688
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    PID:8392
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:516
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:8068
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:8988
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:9356
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:9728
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    PID:5336
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcef79758,0x7ffbcef79768,0x7ffbcef79778
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=508 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:2
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1868 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5192 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3872 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=2172,i,11548193916983384495,1610746392159179779,131072 /prefetch:8
  2⤵
  PID:7636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4844

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5988

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:4912
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:5372
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:5288
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:5400
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:4988
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:1304
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:4012
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:5736
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:956
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:9232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5324

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4152

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1988

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:10056

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:8620

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:8700

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:9388

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5628

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6452

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:10028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:7176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3612

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:9560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:10112

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
225KB

MD5
f2a862f7a54e30b40f87fc95a11779a1

SHA1
2b8fe7cd807e534e89b933c80bdf984d40424af2

SHA256
e269c2173ed1403a38bd260170411384f709cf0c1fd8d72ab586b3556f21070b

SHA512
fa5e20dceac2c0b723c365134dd6a69b07af76c0bf2921caf223b8059cbbc485adbe03d0865c7e6d11cb43ef22f73de34f931110ba14698d180e25300468d186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
bce732e1e76923d0ad8daccd55b078ab

SHA1
39e2e304ec9700b77b1b7e22435b5bfb012455b9

SHA256
430a39106c18b4cf8e9b16e7d5a0823b029cab6f95b6264bab0114340fa84ce3

SHA512
ce7e3e88acaff9aa63edaeb1f90ef346c2c42d55f80128101e85dc511e8c97484982fd7bf5705cae6b768593e83e6502e396f7bccbf1109c23066fea68cbf2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
1.6MB

MD5
cb8282b74edb787f1b04ef0fb1020ac6

SHA1
275874bfd106ae571ff0bacd3065f40ca307e772

SHA256
c5903d7955e677a720439f1555cdeedd354fcb27fa3fae532eb7c8cf50c89dca

SHA512
305f137d2328ce1e83aa9f0010e80901701e69e58a0c2171c6ff15ae411c8cd93c7f12ed0086d3c43fbfc97210ffb2326c775974d2d06a03e56b9a08669e9d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
018beeb0d0a402e38590fd5722371032

SHA1
52ccb77d10882d89db55a612357fbb682e7a9d35

SHA256
06abb37e91fef418a088cac19a6214fff6f15e611bf071a92cc17de424011bcd

SHA512
37840052da768ff2301d79682a084981075118a718ce044f8a2a0f40462c35a1eb7a16be1d1fc01389c729cae00b93686ebd75971cf40d1377e38fe6a38dc561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3f3431977c6e9027990979c824f0edf5

SHA1
e7ebff42c450a1fe255fc998e11d7024e9b126a7

SHA256
22553487acbebbaf4b24bdff5fee9a998a631d24cb3e624cacaea78f26aff932

SHA512
c615d725cebb21ff95d9ebf6a5a7ffa3d73dc08492eff22830843b70260d1e4ee089a75fc62644476fea3234c48fd0cfad2a36204d04ca1ed5d19a3dca989527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b47353ad03172d873df4cb2cb17e3e3b

SHA1
6ad3f4d5ae7a39c01a09763efb6aae49f9cda2e6

SHA256
43d3a64fca78a46e595b3df04600c7d8de027655d9c44bd121508f9c759c7832

SHA512
f5aaa154199588e3a987d55e87f41ec59a90ab07f095087c7022b525cbda9b05e37628edbe1e1b909b72a688ec0122450804ea7e00be54826ed8df99b8248bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
573929d2b20a93b5f1fba8e4cbe0a942

SHA1
d11223874b9dab77b042f089702992edb323e63a

SHA256
e7c4a3a8e32f3128343b7af49f7f7d0891867936198a1f987fc8a987b9e8a832

SHA512
5160a07c9f5bc0c28c956e03b4fca2d2e24d53d2abac9f06e2a184708f34e64392ab2cbd93c81335417a6e903613e894d6800a9f0d6201f2b6427af5c9725f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a180ca0a0025461fc5e1cd6c2301782c

SHA1
ae470f6b8b7f9d37a9f7d3f0903d148c7bc80eb4

SHA256
9630d9be6c4d12bf2dfdf59c9d8004887f45948e5744341716c3739732d890c2

SHA512
d4a5a8eefde8971b1174c8698de84ba40d4645e1123e8ec59e06b5e0c648b2baf98d5c5a0a60932d6ab649163a5fc40869e652358f8d5f32ea5206b6a8abd6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
c637cbdc7eed03a2ea9782ede5bd3659

SHA1
c19af9e2cbd52fa4e575a3068bbf119893fb9b8c

SHA256
a8bdf438ba88956c1d0f698fde9f913fcc2edabfa479b3a4eff0a119bd56ed30

SHA512
fbc8de35810f924284cd1c62f5d3d88fa0637a6f47f7a9a82643aa43e04dfa8ac8187a0b7c91fa29d726cdfb621cdd467fd6d1ded03968153f40c1512bea3990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2b3e051117f81525a178c4481bacec89

SHA1
4228d8c8d3fe53136be31f1cece4973a8902df3d

SHA256
610e96d905fe34d43fad4da6da80207f1bf5e52b40c1b4b92df5430f06c65132

SHA512
c3cbf5994f8b96506432e6aa20a269aa95f6be91f96447a6ede678645b6cf044fa70df57eae0fd6892bf2ed83515640de003819f825eeb215bb3844eaec89a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
08fd6627277540929200b0d5312cd406

SHA1
9208f7c74a97609352656acab16eb32ed4bfb8d8

SHA256
7d9ee9d8e57d1ffc75fb35fa69a49e73f068b50f6720e5b2a2cf35e5b8dd58f7

SHA512
9258d8b1a74f346e8831419f38ecd2ddc0b466d3364d177829ea1e4b4ec9f595e258f9a346f7be04ba406804d8652396ca6d22db728defe5e66e7cd4dbf8b6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1b7f196006a63b6b38aac8c91641fad4

SHA1
360b5230e8b844f7cb07bed103bcdd473fa05b6e

SHA256
c16340e0c15e0b7fd4002072326b18ced1fc0ed39bb5a82409ad58cefe10914f

SHA512
b9b783132b6a56fec15024b689447ccc6dfa0df14f914f812613807af528d0d362130f411f2094f8d7007496b9f2f73603727413b9e6aae670937f5ae062e8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1fc710447c6a3c5abb3e2bf134c1cca5

SHA1
286e692e8aa84e14824e436cff42c3bc239e5c88

SHA256
1e207f95da47321f6961b5660b9210cfd69cc6b1af3ec49e9cd68c7e99356593

SHA512
c95a24e85c36b812ca64c56744404871dc8e400cc8ee3b2851d7d07f7658c6fcd95e53e7201dd5b6e56c8c509e90531325731cc25735a0317357ca6a7c22c95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87b6f05045bd452f58ed0dcc7820536f

SHA1
9e7511534c8301ac437bc55b3eedb3dd6a263352

SHA256
462350b7f5673e7d0116d2b19862b5568115e0dd6e1f2343d1d505bd21fa3b7d

SHA512
701fdad9bc0ae4c5cd959ce7d675c190829a25c3f5c021830fd8c15746293771fc83a553ff2caafc5799198840f761dd3aec7abc14401faaa73589bcbf8d0d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f3a9e7f7ea0924e64d58d224b9e6f075

SHA1
d9e67092c3e6af6979ea5d4ca36457cb7cdabb0f

SHA256
a0f1bd10d51a4eaed64061891021297f24441d48883b3da62a147d5d0b4f5f4a

SHA512
85f0578f377533890b362c307a29ee89bc00211fb98e48ba969c4094010e8e7064c4d3e6d3628d0b27c3a79409e5c22fff40df3a3c7f86c7adb6d9261ee33a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ed72991-008c-4b61-891f-1249989d4bbe\0a41c5226f4ea45c_0

Filesize
474KB

MD5
dff260bc6db4f558ff5b2904f1142770

SHA1
87dbd93f365abca0aa748cd82781f826d8864f70

SHA256
6c63e9f2b54eca3b6ab61467b0174b87ce064c63005a06f738476c5baf180be0

SHA512
50f357b70ceaeeb07eb55e27168b331a150cbdab0e31a47c59bda1c6570825642c7dd1861d41a6812b8de4669489ca33af7e91cf2b578b8aa230d2bfab2812cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ed72991-008c-4b61-891f-1249989d4bbe\index-dir\the-real-index

Filesize
624B

MD5
65648a09a34844f239e6239542dbb04e

SHA1
3fbdf7032ea666695e1c9180ba07a8fdb8d889d2

SHA256
c8ad3b108e1cbe5f13a99541181237709f7e0ab7811a3fc5dd5a77526f7580ca

SHA512
e3b0da859aa9e615ca5ba50752e1bc139b6fa7b5af3c2971c0017e87cd44a423efd5dd0a7487c8d8106d9dff823c6b8abc6266cbb853bd507efe61777fbe2e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ed72991-008c-4b61-891f-1249989d4bbe\index-dir\the-real-index~RFe6103e7.TMP

Filesize
48B

MD5
7779b8ab1d5d472529a58ea887739a9e

SHA1
75e7e875082e3cf290a6e5909e2a36c44ad167fd

SHA256
7debd1984711ced8fcfb916565ccbf6ca555f14c30392d2bbbf8ebeb03a7400e

SHA512
2559663483e8452d9d34e884c0e5dfeb84c1a326dcaeb37cd16b5eef5032859583746a585648dfa835a4748f60c201baf7e6bf9d81211fc64176f0f6ae3eb38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a848dfe6-0f28-466f-992a-9682771449b9\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfaff5b3-6554-4faf-8082-dbc8474c2a6b\index-dir\the-real-index

Filesize
2KB

MD5
7a308064d4d4ce45d0a28180ba76ce48

SHA1
fef60704cae0f58b67269c9a50b5f086e0ac19ab

SHA256
2e50c0e512aec70f98b3d365b2daacdc78c0fb5bb1d68506a7084b8a40951467

SHA512
f3b7c2d10328fc9c571563705d3a7155f2d9c2fc678d3b3ff9d75ff460e917cc306228d5b26115835f971f1756ab0288a1ab185a8404a03f10ee99a07bd6c3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfaff5b3-6554-4faf-8082-dbc8474c2a6b\index-dir\the-real-index~RFe60abe4.TMP

Filesize
48B

MD5
7b39ecda89eced8fe9ce28398e26cb36

SHA1
71249958570ccae6a84dd871a4f2703ab6f748bb

SHA256
f3bb19c5ee889acd2b8c996810ea18f13c6c1b43bc600666a52b17c05f74eb6c

SHA512
6c9631d08a2f4a25d3dea78dfd96d8c7a6a9d3b91b224c027803d8ca927e7bc3a999db16bdbcbe061560e9c5d62429b7605ea260dd5d0b18310478468d722a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
5eaeb4ec6335208f813fa8ccccc1bda3

SHA1
dd8a5e0533abf916a612b64396706b6bd2922270

SHA256
2e243402b55c0918d96cdd13b9538d6b2a16837bd16dded350a1a41c331d9b0f

SHA512
6d980d38287b1cee329a6669508791cb29c7978cdb9ff195515a2eee11316b3ae1c5deb2d390f493c4e0880112fd9c97e50084332097a68e4fb37f80428b6efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
7f0b8d2164cb73ac91934a1d222f90a2

SHA1
8dce5cf54c8605a689d089d1fb1cc33222988e79

SHA256
e829c196f96198799dae6cb6438d2027c3c44206ab4def8fa9d3688a89bc7279

SHA512
c0b8d177344272bf0f16e9d04ef122fc7cdcb2f88f8e7b3db6ed9a5903cfabd482a2e379b0596320c656c341335e7ec71d21517891eacd4160c4f2395f7a8fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b0f616295f03d52ad2b9bc197378d879

SHA1
610eb4a28201cbb225266052ea8c0ecc69e0fc79

SHA256
87bd33beb17cee0bbb276b0e7167e6ced4eb761a971920ec8908d0edf09e7349

SHA512
572d4b87f4ac392a8caca742e7e2324b31490b302560b42cc43dbbb2f0e75ad5eb0fd98e6caf621e0dd95581e03047b462806213b1d1e0c556b1aadb3c6b2803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
0bc11cd194f969b46c8326222b29dae2

SHA1
eecf03ed748ab9aa560955086aec3a24f8bfb61c

SHA256
8547298b379164890527fd1d7f3230a44ddd1514776748997509708040d18274

SHA512
e5eda33c54966cd4208acfa3905a4883d4326d083a033dbb035e89e03cbd09d33728a86ae088cd2deae9e44d9603a4dfdd064e6d5c2e15107b48825cf0e8b427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
f3e6dc7ee528da0aea13d50f9019ebfc

SHA1
4702f7a897a452d30f7a9f35d9692d4dea62c6c9

SHA256
4b37ed2028e249e17f713ff2d94793e33a4bad8eecbbccaf54122829c294e3cf

SHA512
99b12ae508d332dba35eeeb09d27846b928a2444b33e9e9a3346c8e1f66524ed1fa034b09bb154ab934cd1dc0662f2ef6b986dc25f35f4872fc7b0b7122188f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
efcbc27d6c2c3952ba68ce09794d8428

SHA1
5b2333d5fe038927a53f7a3419f3598c05897f5b

SHA256
1b40eb99f7a8c782250c996b1ab7ac7b98618a8d4f1352cfe8ad9acfbc415f3e

SHA512
aa3083d1004a4d1bced1bebe5c06b4ac58f45bb0335fdee9e8062838f5e80b0d9aa26e4f92978bd68660907458ca03e8c04306aa407ffd51eaff618f533741a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe60956e.TMP

Filesize
119B

MD5
21eebe65710d829e500b7ebbb8e64e2c

SHA1
06bef9165112f7c40dab6f322577d7577753b55a

SHA256
a54a51c481776031c19325c6a1838a5c4740fab3c796da315c6c9359a803fc7a

SHA512
c8d3f1efb251ff5451277812c37905f664b24f1488d587d44cf7f32c1b557d11bca87d4a9f4ecf19474d70161a7747645f0dbd5eee9a2f5d4c9541165848869b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
ac72f38fecc621f6776858ad0ba3c0bc

SHA1
07edd720c610899960b37bbf964eb1a23e2e88d2

SHA256
b37997dab0ef3a7f7fbffc36b6b5cf7a0d6c850752f8ef3b4bc74ace762cc41e

SHA512
473a3c75439e006ccc5a789e7cea77cf581e86acf16d8adfaf9ad0ed858ee0f254349d2fc3c3c46f964e1b9bbb664857e699df9c4182390d4ad8ec32dbe168f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
11KB

MD5
dce17972c39e2b085f17a0cb3ae85b60

SHA1
7311c2d1a9f46aa9ee93e5c9b4df49a8156916bf

SHA256
7c17a47e1d534257394fe43c410bc8e010a486b278f745168baf37bddbed88d7

SHA512
ad1a983096af7e0a3a147b047d0e7377625bc064df1e0135498cf585383533bd8e79d9048de457749b554a0702e8e46ab0a7911638e1b09dc6c6e931f4e28acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
162KB

MD5
aaff75089fd680e2f65455afafa4a1d9

SHA1
3550c715d928eb8135fa670980d23597926581c3

SHA256
a00b56ba60614486e356e93b232dce7f073ed27cf08c776a9e8800890f219083

SHA512
6a2c015a5a5ce8dcedaf15657088443ffddd47651f61d07aaa5ab69346a1c1db1f217c2e08b1dc20c9d64f08593e268cdada1847079bfcfa85bccd64b0edd9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
386KB

MD5
0354a0fff7c037f3c25e7d9d7f4f29a4

SHA1
17e56ea3b67c2e63fbedd56289d0a2e98b533383

SHA256
8e7bb4bf7893b4bb40db7c292d0aebe1385669ac54f6287bd587fe83493b47f6

SHA512
64357dabea39e31bb0d877b91792d5aadf27be5bd086027524d0372542eee8a93cd38c9ecb3dce3224faad44f654aaa72caef5e38fdc5b2a6ba1a28b17b9e59c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8adcfff69ff071aac05aacb9667f8116

SHA1
595693f4bd5a04aa5ad677151d59b371a3f102bb

SHA256
a7cbf2f9c9cad184036c28b3c6393053552234328391123a682a2028e59ef0e4

SHA512
79851d529c16871cbd4c6ac562545b1a64443e028f063f2f9c75f854211b14ac527db52e4fb1ac26bb8c008e7a275a1fbe9dc47af402e3cb93fcf4e96102b1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60fef6.TMP

Filesize
48B

MD5
737c8918eca75ea8c1646770f5f0e2bd

SHA1
5fa503bb7baed95ee93d2602ccf7077db19ac14c

SHA256
a441bfe190a487e3624db81d0f3e999b251c452199f2f9e7501a045a2954c6b0

SHA512
3d1ce8ba433e2ffc81701116605d7363160c310efdfecef35365c15a3bbed9be8ad2db70d56929de2f622b316694d8fef6de0ce5f9ca22bc2cda834ce5226157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5364_943464092\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
291KB

MD5
9d66ad837a28b48a4762ae29f1761d40

SHA1
42061238eb677e3fd983fd39f812afd1c8f533f4

SHA256
0269d6765b2cd834328a866c5a4a40faa9e7b97a9c29a3f08bdd2dc4f0b4f5e7

SHA512
cbb7f30fb669813a2cde939519b051bf308fa76986bb47166385e9d91b8a898d0003b8b00d372e7d746b4b6c48122f4d5ca4cbaa86a1bd8be4ae58a0f0e61062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
615a88bf6f9bc26d2575966b7c9f9a67

SHA1
5269a88b7c2055ce6a24c7d25b24212f58e4ee11

SHA256
921354a4d39d10d3bd817b37b5102ef6300babb2f28e1768095ba57d5d7832af

SHA512
321bc18df2be4cb00fb4b85051747514cd5085feddfa961c11a87c672d8f8e24e93c9abe3af67e92c24bd922763b3b039e105842fdb9327a77b6185dac1c26c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
290KB

MD5
c0e8c8df27a91b19ae6871f7704b32f6

SHA1
01594ed8042b952807c423fe7bbe62327bc2b597

SHA256
a8a189dde788d99d46e40025c303d952bfeed176e646d4ae1efa3937dac094ba

SHA512
5518fc7658d820b85d8edbc1490895a07a38260aa95567b216a0948a752c96ab0a7287e83cf7a2e893d8cf97d026a6504d51997e4e0e27d1a96e59057d76170b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
df60e6b74ee96ba0ba03a2b0a82df78c

SHA1
582988775c420410b1881f7bf179c0596390caab

SHA256
af0783225cb3d23fb1fd3b6d1445f15cf8c04c05c7792c08a21b494e4e6dd4f8

SHA512
c788c288fd1b325a84205ae75995d46d42fb6ab82ce3d75a849158dcecb7620f2e0d0a9a0e20aab150d60367f53d607c42b833e4c881b0011a4e1cb405e9edf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe643df4.TMP

Filesize
93KB

MD5
8051efa54db35db64034fa99d5b90153

SHA1
3e5e8e842a3d85f9acd2c8ee14143631fdc8090b

SHA256
47804ad63a23596a985e86ab14c0f7e9162afabd4f69d96db8e512ac342dbada

SHA512
f4cb82db2e713617e777a98c1bc2a8ef3372e084750777b495f86cfce919223febefdd953c5b6f05e7080393311b6c656204d395e8a40ae1505bf5b2b117acc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ca00ee40-9b49-4b89-bc60-a0184d67c372.tmp

Filesize
137KB

MD5
a3c32ac5ac5ef7292a83b418a6684b05

SHA1
d3ad7cf32d9b1b5422f95f7661f2bed657e5a9f0

SHA256
d89bdb62a4ba9e331d3dd4c2f5b2f89b7464f01dfa52da9ffc622367553bcf04

SHA512
06580b59766dde743012969ddac02f071b061c001c8824996bb8a716f8cefcae1f71b74fdfabe97c22226d82f30769e346d5da3852218898e2140392a25b415e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\10837

Filesize
16KB

MD5
0e4411fcdc4c978b6d5a7755fb010f55

SHA1
f9e01c5b32801a9078d1f6d6b074565c611be0c8

SHA256
66e8933c5ae046234cbf4404d8a5dc0916739adb95830725e8e8f465b1cc2483

SHA512
bd5d52ed38518753467131ade0fa47e160515af729b845caab5c8b209273aaa18034d6b8d5083c6407a61f4e529d793d6d517594cab42485fc6a0e192724aea5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\12872

Filesize
16KB

MD5
a41c91b2f7c1a03863786afc69d2c2bf

SHA1
8475e0a0abda5f8d2a21c3fd3297aafc7e555ead

SHA256
ad1e95abe5c9a55d89b1f8d5a66bece435ec2b4adcca1419ef0bebaa62380c64

SHA512
75c84c260c9cc90c80c411450d466f1502a1d31dc2ff2ad031228a76af40cf5949a07d043d4562ffe60dfa86a4703d9d3fa330e6c3d03ece7dce88b11cace8b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\15100

Filesize
20KB

MD5
ba53b08cc1bb1155e21028158340c168

SHA1
bc4fcbdd6b96b4cc732d48869c87690b38e0ba4b

SHA256
1d6564e0899ebf6f80724ad390aecdf49ff1fdec388d68ec19fdbd540a4a2136

SHA512
f58652f0f89de535fcfea1157074f7ed091fd850948d049ee2d14ebe33340a1187b360feb04d37384491bec077420c6dd88d9d4ea334505df471889ccd3b1c15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\15455

Filesize
16KB

MD5
c826ef5228d0d4f750f30dd96a72d4cf

SHA1
7d96e41d35847bd3805ae773e3eb5cf76c2c8143

SHA256
922f4c9847ee640c626f40ec90d0c70d980a3f0927a46c597ea531144edaf65a

SHA512
950230902b7f6384eb1af444b764ce008a9af34101d6a1c2354a107cfbac648979b73c28ec5b057b8841e402aaf442f7762e1172568a8181fa544f30be020a0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\16260

Filesize
16KB

MD5
9c70c5dd62514fed0b3ec54bf08baa5d

SHA1
9aea02c9c10d751343dcbfb7f2ac5c17efbda7bf

SHA256
4997525a0326494c25190f2097711672150d7a9cb3230e211a3eac8740ba0eed

SHA512
80c0468a7d26089a5c5f898ec8b05d6bf702845bb024fc3b1e33ae1d08ba67f356eed3b97678c082fdf3d734392dc367470c60b08268f7f7679c07af526a6b2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\17048

Filesize
11KB

MD5
2b60e40633da3ce564ad2506af6ecdc9

SHA1
4daea8c22c846582e7a3f9a481354331121b14bc

SHA256
4a443394c272b0e6b5fd3cb499e6d38298d779dfcac111589ccef3b0b62ba22f

SHA512
16b00eb2f3f541e1226cf7a41684c84e91d3593c90216a6bf8d82c584340979358d63fc419e25e4c43c0a8069710319618ed21deb929beae43825141d28fec06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\26795

Filesize
27KB

MD5
2bff4306f1c70df1a7e7faf8942b893b

SHA1
72832bb6dc0b2ccf5dc814e9caf1d444cdc3f4cf

SHA256
b6830f0a834740be81ac3f983c9db99411df2b6883ff3edba497ccda8ac941eb

SHA512
72ea410a80289b83cdc49c6b9dc0e4824d7a4fa273eaa47e34f24e2b01fbdff1e45408b13136e9f5cbd933615fd841567fa725d4f75125f343b10b904a9d70c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\28148

Filesize
12KB

MD5
07f5e2caf23c253ecb5e26b233a58ae9

SHA1
989fde733dc3404ecf053eafa6c3d58f6b4638d6

SHA256
ed3a3d02bb2cd69042be8053489b3d5c24c2cefbf8465957bb66821193a41296

SHA512
021aee2625ca76bcb34545c2fd4360e32481e44592ea7fe8a965a3e274b4b0b4525dabccaece4e0e08be12b65c026f894873983d7d60db9ac25ca0db5bbc2cd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\28429

Filesize
12KB

MD5
6edc648f6b17539204d167b4fe2ac955

SHA1
efd20a9b352130302dc7ed617bfe341dc5430a8e

SHA256
c265e6c1b601555d40f000f473937fe3000c0902f65aa9df6e462e15ddf8197f

SHA512
cfcd6f9f7f624b56755ec6b77041685f0abc596e7a2723c1a21c9ed82f1dc3227d34b79e7b63cb76ec73565b31a98f24f890ec2dfffcbc7d8425b5fbae54cd39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\2916

Filesize
8KB

MD5
dd6ffccc7a45c0c30c044651dff6e086

SHA1
3dbdd3546e37002cdd5cc5a30a9621acdb26fb0e

SHA256
aa178bb4b736d168c24cd9adc0423fa31f075277c60b89e18d59131580125d37

SHA512
d5f883c7e7b1dc9d9a087a1795f87c0e8de560bf0e7a8b1a5d4568734af8d4c1fbe3f41af97e18513558c3115a681646f6050484ab4702e1f921a05df3874714

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\31883

Filesize
18KB

MD5
a4a7f35361fb93d5e95e4fcddf207197

SHA1
6639ade5d7a9416980bf8be2814fecec67739d99

SHA256
66951c3f901de0b82dfb722518e11e3f105c25efa0484eb7aaddd0f01c1dd9a0

SHA512
182795e903caf2b022a5b149488fdb811d3522670ddb9f9d6ce11712db3e1968958a61ea54d96f221345c054b81c11e172af5f7fbf32104e42df8e22db28ae82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\3739

Filesize
20KB

MD5
539354f8168f522e1b8e8462e90dfb95

SHA1
aae327939aa881b35d40167e399e0f4e9f844cc6

SHA256
7850c1d9af86c4dfb4cdd0a9e31fabc410e615d2c5222c0ab0cc1f98c78a1b5b

SHA512
00628efc39faa74037849b82836219093050b16ef683c5c9235646d486e7ccb06f91fd32a89a939ad520750482fc39a07b10d9cf3e77137674162f1555a73354

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\834

Filesize
57KB

MD5
3c6db4f2d18b370398a1a8e1ec8a42bf

SHA1
8950c9d9f6f3071b11653b3a1273ba66f3b2bfda

SHA256
deca042ad5ea827bd66732f55ede2537fc96afd3affa4b439698c9669af640fc

SHA512
883e42ba98540a213d25efe6f965ff76f0e6d844843bbfc88988a4784212041ee95dc1880cfd95b54f3490f7d0742b78e5de4aa67121989cd5db56c985806aad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\9896

Filesize
8KB

MD5
f7990ebdfdd42f62ffd564e4596613b3

SHA1
b33c2bc9eeffb7cefbfa26e89e59af1fadaa40ae

SHA256
291123cd5c4bd4d2282f217f3a8e776130ef55a96a469dea8fa9499eaac969f6

SHA512
91a5650a12b2940d1603fb206b6d5dd62cae9eb63cac9d7fcc3e01ccb3f6603d143a1652fc085cae5e7bd1c2f7e8ad582abd85186a24c21d71ad0a9c418f45dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\06086647647C4FA5E378228C692C18BC1D6A3292

Filesize
4.8MB

MD5
5d350a96b87f4d58fb986b33e59de32d

SHA1
4fd7b2ab26e4aa81e04b220ec6626f7c1b237337

SHA256
33d0a0c83a6b99c11afc90ffa183f37b0df591d31e494d82720405c553ca634b

SHA512
8273f4200e265a7512a2214a5732e360773f46d26915bf75cc029ae429c9446688260c559f44c5ca83748a6fd3a60042d6beaa06ff12fd6ce1f2f52ee0ce7330

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\07E58126644AEAE01A2252933A750571586D823D

Filesize
38KB

MD5
415684cc6ad051323b962d51fa4bdd19

SHA1
c0d2177929dd1d0794e2f7f0bb5872b8e3f6d995

SHA256
bef73833fb3c92ddd519a95af75f701ceb71ab5b013e053ca70efb56f27e6fa9

SHA512
2a759593ac21aec845a6bd941bf4e47be50abd20472db2ec422293fa1881f33add02835ac3c4e7c6a20e6af719ba2f11f80b0ddc46ccd267068a7c4df72ebd11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\1236E527D430B9EC9BEDF702208ADCCF6500644F

Filesize
220KB

MD5
69e62908ea2e6aa3bf1a0881475ce07e

SHA1
ea1f2d6c20afa3fbb337dc86d384dee74b5b7e44

SHA256
41059eaf491283b2172f778fbacf22a235d0ca374240f41e5d145ae13e810a09

SHA512
2afb7b790f8819afb0a2c2fddcb87cd35afb28ad26f0fffb1a2198e69a51c914dae6c6c161bf6960ceebde3a750345cc8599609be1f62b11f612158858b4a489

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\31ADA5AEA1733ABA619E19CAC0860A68F74D2FA8

Filesize
95KB

MD5
ef7659b4ebd158c74a0a2dfb3662e45b

SHA1
e21b3af2e422a509da05107c7dbcf72a60575092

SHA256
947599f5185e4ea560000c25131469e15e6eb4a2d0d435bbf2d794637bfe596a

SHA512
685dfe27c136eac25c59783f773a7b75c9e6ec81b0425328f727dd37767a3e476cc819d5fbf8aea270d8056dc7d4aff0236f97e4a87df2f47b96e848be3ffbcf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\3531F5F072DE91577A2B864837185050C62B2D70

Filesize
122KB

MD5
5d95a7e0bd42af8cc23db2151a1de782

SHA1
5c108d0b3af171207f90182db758bcae80f8b2af

SHA256
a96294745e8816612289163b6bca33111b7ab0cf92b107279c73cd5f9adebc11

SHA512
318269d6e70604e4f36ae6bf8ea0b7802e14a24e8bb2d18d4a3b4e6623c7179cc23272122d58db93aad5913b1006f4ee4dc00200a9a1f7bd8d2aff60e5358ff0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5

Filesize
333KB

MD5
d2c8f3b721107e2e66355b9f84f13ae9

SHA1
38df874e976c240fe08e7d34d1e824cba4082b67

SHA256
3cb146053f144c5a87e3175b224083ddc0e7d0aae619e12577924fc6000e799e

SHA512
fe0ce90074e63be8f9843f4970fef86b9c38b6e1847e04fcf1bbb329e63172d6c8b272ad6c984edb589d64c03a257b41804a6b7d65685efe1c1adab4a3df8d22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\459C450CEE86B7E33FB6AE31A6DE10D238BCAFB2

Filesize
217KB

MD5
02770b18365bf03c01da5177fc8a3ca6

SHA1
2461a755dbed8b87e6afd71b0aee258e26f5b66c

SHA256
0d23f895def3ff46feb91bf9724eda12a43289aebcf7843a9494377c8ffe1fb8

SHA512
71000795e70dbe716b637aee804d368141523d66c86cbe4b82d5748cf042b083b15f19dad224a2d9d153c984520a445083a7dd9fb5995f2f50d9ce7a23a4a726

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\510E93612570D1F56FD42C2FD63BE5186C24AF29

Filesize
60KB

MD5
c0256f660daa78c5ba62b51b7ac9a9ab

SHA1
6b13d47beb6a2ff959375a7a3b6310359be1a06e

SHA256
c288f001b57a175dc825f0941e059d157c17fbb692a5b612897f7582fad468ac

SHA512
c9c74baf1dd3ebe46daf7af40c4c42b51046994cd30150babbca52cec0571cea2fe4c79a47874d0021d0242dea4caed8faab5787eb4c10ddce70078dbf02a814

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
2b8e384b9d992034f4080a65b6e3c289

SHA1
3fa95eb44bec82c65293af85c671984a5fe32908

SHA256
f6b8d876f216b960e4db5f721feaddcc8372aa19a28e0d7672e6852fbc608eb5

SHA512
964e109ee857d2414ad8fc906906ceb5a0320bbfa5354851462c84d976d5125c92d18a7f0c1338380f3fa0f9dcbc86574ea05b115d47d620e8f50308c1f4e30c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\5D4626C3042B2A2857ECC0988C90561215C35F97

Filesize
282KB

MD5
8e9e49bbd2e011997c0281fe035c7d4b

SHA1
821800f2a079c99f15eaf6c85d46c179e77a417f

SHA256
e4241ea3a7d459837de62bb6f8b98d4687f8a20de601f3863d585217ac55c95f

SHA512
6ad8093383dbf2a0ee770d2f5e1949204f5f009c4b6133b90706ad6cc265350598f31b07d087d40a684568d6694814c836ab67327d57f31eb55bbf386f31b779

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\603BE2CBCD5CFB5A5915AA62230AEB0B51412F86

Filesize
47KB

MD5
25381c3d294aca41cdec310c7b7e56b0

SHA1
6e62c729f4f1fa54ef05d285b508eddbdc0d127f

SHA256
8e2d4c58efa966705d012a82f45df0e390be0fdc0d57d9692964cedbcaed971b

SHA512
865234d6cbe3e79e5c2750f5ba0f4d989dd8fbd5cc0727f1588f9c29b775eff04d09cf9bdf34fbc1e84fd4518750497e2c1b6c791d247aab52e42a4c49619af3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\68ADA6A2A4F2FDFFC709865AD2629FB4400675B5

Filesize
934KB

MD5
32c505ad217e8d163edb709511523ba8

SHA1
6bcaf32e52ac3568c8356c630270dfd0ade66628

SHA256
81aee177a9ece706d3faaa559f511e8a5a1b1d8d885fa805d9c2fe90ec922118

SHA512
130bcf92b5b720df9698382f8601a025e505d33240164a47ae76a243a51d895311b0461860c60f36f71167b6445c3584a46404e132b1864dcbbe57fd6aae1a63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\68C3B2C5AE2ACE130405EBE63ED27D6058E63A1F

Filesize
141KB

MD5
995fb2f7adcf2b55955847387ba6c60e

SHA1
45b6ed4c70ef1bcc289e6343094aaf960cafeb45

SHA256
4f6416864ec8f01b2712820d9c4a18694d1e529deea3fbb0369b9640866b0aa0

SHA512
196b47589d063a9bbe52d9312e86c2bde321444caaf0c81e82ce198e29cd6b1ae05a62955faf98651ac038250f7dfcd3aab537d0b2150f474cc9abf3ff12fcc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6C78A8506F2F8019B55A170A2FEA7FD9FC69B12C

Filesize
59KB

MD5
e3e1fbaf6306aeadbb8ef3d2f3c05a30

SHA1
59243c0e4ff3473d05dbf6e6bb2ad4cc92b550c4

SHA256
40a15dfbdc8e0bbd1625fe9d78e613d7816e5fd2aca5a7edc24699da96efa3f9

SHA512
94459a2b4ed6883b690132baeb92d3d450f5b082035a60958e42c339f961a47710beb205b9122893819bc84a39a2cdb5f60fa4b6196601c9cf46bf9843a16058

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\73DA966E898670513B3B93DDBFF6AE8CD81EF48C

Filesize
49KB

MD5
8c90fd0301dc0361026989e1792c9ddd

SHA1
96684143e8d319b800a411d814c55fbae5536cb1

SHA256
f657376582101647aa25ae2d8951049f6e03d05ce3504bde69acc0336c075069

SHA512
0bc21ebe72153874f6b7230f3f6a2f53a2bc92f0b888e449446d2247d293bb90ab1bd2e6408689a704851c382bd49fbf35fcf356a3fc0ccd372dbf3b742e395c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\7E3D2DC2C0AB867F1D628B4E82A7D35CCD77D813

Filesize
61KB

MD5
ad0e0b730903a92e4960beab53871718

SHA1
b74249437d71f9d591a3bd3e9f4a461ddd9cf07a

SHA256
6cc34b04e71f875d918353ac094d356a053b867f734184d351e4fa6a7d47e30a

SHA512
9fea8b57a5857076a5381bd7fd5541deb8171c7cdacd63206f5c9eabbf838a6b7cd63f97e93bb6d7bd4c31a3b790f2a74ff0a93f51f1c88351f90d49a873794d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\7E70ED4B97A34E95EA37C1434415111DA60ADEFA

Filesize
52KB

MD5
6ac59734d08f1fbf6910d437670547a8

SHA1
421e66b9315f2d6fa0d080fe6ef7acc81ae3b9aa

SHA256
59aac36d99889679a2edb62cc567a05827857596517a0414a237843b747f128a

SHA512
ecf5cad78615efd0c119080e40c424395fd5c083b54647ddb572b63c68a4f059af7dda525d21846708f21f3c7e2db558b3b68bc701df5a05d15ae99177ac8b5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D

Filesize
39KB

MD5
b696ee233ce12248b777588ab85e9d69

SHA1
0074ca7833d9fa7409eb133c02e83a1dedf50001

SHA256
0fce492163a91631bac951d2e7c87da2ba339405456be3cae78158a345d5483d

SHA512
290295b9b7bac26f13c883c0b95a78fca467c9f50a11055d061060e10e39c9d7269506457874ab09282425013ec850950c0550c030a2c84aa4684ee72f2a10f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\8D291EE245FE41CD430578986A6C61DB2DCF3D57

Filesize
161KB

MD5
b528b2b5102d585d59ad664f3954ff59

SHA1
563f4d2c17c840fc08e3f6e084ad75f16bc3e5b3

SHA256
7bf5145062bf576bef93f4b1af94174146e07d47c9d5f08f72b693d40e3fdaf7

SHA512
fad77ce92e2bf964573b0380e82d31065c3ef353c377ddbbe0855c4e180212479d8af24b1e8948e22880bc5745900e4ea0e83b2db1bd68907a3be69f4001eb69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\8F9E247AAE39258ED6C7674972B4FC933A618AA2

Filesize
41KB

MD5
95754380e0322719600cfe3302656119

SHA1
6de048937f62ecb4d5c20c5f618671ba8d3f0877

SHA256
869ffd709933db09929964393b2b47bcb31239a0d9f17dd084a5b82c61f29cc7

SHA512
b2ced9474db4bc912e3c4714a1a9a4c58c58ea01107b455135dc6d54a7b9057ebaba58e5255d0246c3d3e227549ee8f5a609e3888d0905e14fbcbcdb99a5f03c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\91F31F756AA32DC0823EC30502996894D0DBC749

Filesize
68KB

MD5
54e7e124360eed6ff059d68e29c4d3bc

SHA1
57176fd5d730023282435bc43ec1d8e9b20be6ac

SHA256
1ee605cc61d9320b392cc07e391889052e6dc902a0854513d9ebbd7150b3356e

SHA512
98cabb90b75091b6a02c931a91eb465674ed844bae3d8fdee1179f9176299582bc9aa6a1d20353c535cbcabcdaa2b8e41ef5c05be20106560ee3cc12b7597fdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\98548360A42A21A9012B7B8CEF232AD237A057C4

Filesize
968KB

MD5
bc0f6236c5c12af6483c31d8bdf166d9

SHA1
9b165d32099b5a3009d3105a50294762044ed6ac

SHA256
7c642dd6a8fb44ceb9d8f07ca9b8030ee6b71d692bf0cb4c412879800ef12612

SHA512
d360266dd7413a587b77700292851da795f259562d7326e4902be38c66bc7ee3a1f50b76ef3f1e6c883e4b40284dc36f237aa830d117a038386caa714433a945

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
a4915e0fbf04a49f412aecd77c554fb5

SHA1
41c2fae69774f70a6b7a209510a3426512c2d9c0

SHA256
9970e7f05f013eb337f944dd677dfc5bb0dea01c80989d0445a5490dfb99f3fc

SHA512
22e28e70f14ec342aff5802dd4d5241e16e01574555694cb8f86800527b28f7a4c68d07fa5d78c3f832138fb6e931a7c1540d389606e14d24b1194cfb6a7c771

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
23KB

MD5
cf3af9b2140d27c0724541c409d5f55f

SHA1
3f27057153e1ba0c9de6dc1cc2f9e900aec4e29f

SHA256
81e7cfc1d5b2072fd5193875d59d6b0c4330c813db2677e77d3f69f0e2079086

SHA512
4fc4a7c7736a7d47ff3bddf9be82e815828e6853b87eec2cce9a3dc39d8b955a01d1ef42b154c395938b26728a7fb505978b298e8a99737b8cc612b60f4fcacf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\B86B02EAB8400C58B2F4F42B69E218D9C5FB9327

Filesize
45KB

MD5
fedaf0bfb91d8e006c6b78ddaafb58bc

SHA1
234707d3387133bb76b32c0ca831e4e60b88030c

SHA256
a85137db3ae7f4ae9e0d2f8688bcc26ba8f14eb78c3c8067451cc25038b0f6b4

SHA512
3cc0867930857ea9de3a6b95b84459f94ff26b8da6dda75663a2b298c9f3345892360552d3dc7bf2f298956d528484b136d27cb5e4cec07661ef81370557fce9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

Filesize
13KB

MD5
777100caf31c8f4c56e98916f525e03e

SHA1
81c451d00b55a628d791ef50684a929ea40f1ce2

SHA256
5412affcf7b304eee20d85c6767c6f97d3194a9c7167c4477b325760b698a846

SHA512
5190c74d68013b1f7e1a5c7a9eba6172a329dc244a17fc0a0b23616d13bc8cc90b490b052bdeb468a7c0bd41a1789e1bab8e7dbaaeaa0986408c3d568b900889

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\DAB8D45B9C4AE44F7CF025ADD37FA71699A13066

Filesize
1.4MB

MD5
096884e0a378446259ae2bb2d9f389a6

SHA1
afef0864b31112721ba36c3862534e041e62dbca

SHA256
8bde92a9d8694595b839d3eb6b2ee1a8285abd81c7af24bcc88156be30b97aff

SHA512
e038a8a7be77838ac04f0646e9b798ed0ac2ed63b2e19b6b3db576a359e6cf316b8fe2410f1c811dfd879e29972bf4237f1a3424b689749212628136fc2a46dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\E149268AA924FCC67350ECE1EE7A6A59202F6FB7

Filesize
121KB

MD5
0fdd9870b7176e2e7c1d8d689c359a6a

SHA1
4886feab2b96424e2d1f6b171ffe0208d24110ab

SHA256
e479952cf3000455e2b874708987300979a0bf1b6f5e8c62d2e78f73ea994284

SHA512
2febd7887fd47e2c7d324836770334cc9738f9f70e31894bd1ed45f232534f6939cad758c156a15b58cc08334b5b042534f6ae6e7be73c5f9980946ecf556da6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
19KB

MD5
f273e722b97bc7455cef7f2ab3c3ed31

SHA1
a2eb19f1767fe026a0a4e018739138321bf2fa35

SHA256
9c48baad1e70a43901266b651f37681e8a587169028f17ce7f70b16620d3ba6c

SHA512
3198dc2ec7788593609073bdc635aa3d03b61cda26ab01b9f466ab9c0c0787aa85236a518e88782b573da0860ad11ab218b754d5a068ea1e3b4bb7d22d40c2c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\EFBFD9B4D2D1D7D57049773026B66B7DAA8C6769

Filesize
300KB

MD5
8379caa2fbe05607f2d6b1b37e4582b9

SHA1
7c3fc6c0b857483863a5689a9e103ff4d560e519

SHA256
978e9c40582c5bcbc93f1d438ad6251a8e63fd768c837e2efc63406fc0d7b95e

SHA512
9b8808919a6f74bf25d6cc615de0fe6f84cd4401a9a45e447d2f3dc31edd36f2b821d7e80d79438819f4fa19ecb394aa033d0ee7ad865a8b0600f1e712ba7736

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F4DB32A33BA8ABD54C2F4557A74CAE91E42459CE

Filesize
36KB

MD5
02aeef210ebd5e0d5bd829f5f60001b0

SHA1
91110e25428adf38fba13d6f9bcf242485c8c6eb

SHA256
7955d9b6ef516a98abe45e19a446fcd04f87700f47cc5303bc0c268e988b92c8

SHA512
800e3bb7d58f385a037457b74ab35aa2ca6d9119d7cff218db288755c967dcab9ec6963eb02a9657434325674ffb93be290e014b2667a47f9b6f384fde80abd8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F5A61AD0453D4349D87C3FCBF1C950A1B38381B8

Filesize
823KB

MD5
fd00e80f8a1f9a4ca07510238e0721e3

SHA1
a5f77cd4bfae9674ae8585e06fcecacaa6f12a02

SHA256
d7d2ca2588543f7bb4178312b3d4e4f570dffa08c7c12e73cb0b6fddf4cf20b8

SHA512
5b135ebcf2a65d387caad9a6d8f33fee88e76d6860964f7355b65e657129e01b111e55d02d5fdee20907b3876f5e391e50bb00a895debd3246ddc860a1f2a4b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F72B374DC96EDF65EB8F4062EF3DA2023F9F563F

Filesize
46KB

MD5
62e17a8364c57ae64986269fa10ea3ea

SHA1
b759c1501bea4f1350113943ec4a0d69a389a7bc

SHA256
bb680b6458f5ea28e16c09f95a5d5dabb603bcefc5cc30534e936b25c09304c1

SHA512
3b530f8eda80639a70a9780a13a1ef786217aaa4b435d42d8c877d670c9c89d07d5e69bb3ecb6b693c260b4c7fc6db299460194ff4f39106c5ea7ea2bc9c4373

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\jumpListCache\ZWhdzyTA3Hdr+Itt9fbACg==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\jumpListCache\p89CgeCC_6rbJrV1Pvl58g==.ico

Filesize
261B

MD5
f874852d50337d63834783f46a81e33c

SHA1
7802aacbdbc68c3e9efabfd90022ef38fc9e44cd

SHA256
21d54523be6772e2a59fc6422b968200d9b55b4137670ad03c9558e62380c966

SHA512
a1087fba85f1169e3ae79615e083ff469b0f212ee2b9e8b47f28b7166233d17424fb818be64ba45beec8d98f3f652c590019bc6310c9f1109cabe33bde653ca3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JXX74RGY\bframe[1].htm

Filesize
7KB

MD5
e8996b1404e336a8a87fd7b447a30094

SHA1
452a6b7f69a831160abde98268b7f74abf2ec9ef

SHA256
71153d06884eee6bcef121405cbfc3510a3fcfee6dd61d7fa0509b563fae94b5

SHA512
53e8a1059ec5696e8ee2bd75aa795469d63121f38f7971aff089ce09a8e1024c9c24e8582b50c565f57b2ba5d2f5d81123a5b3f3741f7e5d8505f3fa0c3ad7cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JXX74RGY\recaptcha__en[1].js

Filesize
533KB

MD5
93e3f7248853ea26232278a54613f93c

SHA1
16100c397972a415bfcfce1a470acad68c173375

SHA256
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

SHA512
26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\anchor[1].htm

Filesize
48KB

MD5
2dc3ce66f31246b608b04bbaa07bcd27

SHA1
8f58be3f9c318bce060001c47df56e1a5d704226

SHA256
670cfa4ff3dbda1d8f0658e1e38b72730aab9b9ffabc59d6fe600ff23e17c243

SHA512
ad099eccb79fd0aec42c38985026f1911df3bb5ce01eb90b72583c26bcc1a305e0b71ef3a9eef7e772428520a560b6b94ab74166b0c785ee1860b359e718717b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AE90ONWS\www.google[1].xml

Filesize
99B

MD5
f148a3da58603f3732aaaad3d1faaf96

SHA1
6387a645a082cccf72656231f714caba2a5787f1

SHA256
9e697e65d3b309e0ad411f4e19e56cc8cc91e0e9bae70beaedc509f3b073748d

SHA512
035fed43bc3902a1278609c3ec018e790912d0651340263c9ad15c123c8bc8c8838d3f13b7c89fb13af623384fd2b5073b076a742761d40d5f7037036117019b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\L1SEOG74\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T0N83H0D\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WA1HUS9M\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
b7807eb5afbd88078203e40c46c1980a

SHA1
5a52d776d5e15f776758c9c95ad60480479c5e12

SHA256
aeaeb4368c3ec133b5ff19af2fbf7003eef0eba9557f1a660410d7314dd2252d

SHA512
ca25367c5757241cefe64305e53cfb974db1b5f69da20a5f6136d44d68e929fd94a2554bdca323962c081ee55d1a3d1ee42cb3aaae8e5301f6b3f9cd47fc3261

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF15694BA6783D2DE6.TMP

Filesize
16KB

MD5
9bf43e801994cf52298a5c8c6d699763

SHA1
79d5f9ea2377ae8d343e617536cc85ff8d0c72b3

SHA256
878bd5d2a39f8908a3028f01227f281dc7f04e0145e35226d2a19e87d27d6424

SHA512
23721e726ea24cc41ad1db7af313175734dc79d7f85431e49abbc2711f6c0ae0266a23bbd127972cbed4297c283b39090e74d195c93bc903809afed3a0d4e98e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDXPVNS4\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2

Filesize
7KB

MD5
7aa7eb76a9f66f0223c8197752bb6bc5

SHA1
ac56d5def920433c7850ddbbdd99d218d25afd2b

SHA256
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

SHA512
e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDXPVNS4\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2

Filesize
11KB

MD5
15d8ede0a816bc7a9838207747c6620c

SHA1
f6e2e75f1277c66e282553ae6a22661e51f472b8

SHA256
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

SHA512
39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDXPVNS4\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2

Filesize
5KB

MD5
a835084624425dacc5e188c6973c1594

SHA1
1bef196929bffcabdc834c0deefda104eb7a3318

SHA256
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

SHA512
38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDXPVNS4\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2

Filesize
1KB

MD5
57993e705ff6f15e722f5f90de8836f8

SHA1
3fecc33bac640b63272c9a8dffd3df12f996730b

SHA256
836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

SHA512
31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDXPVNS4\styles__ltr[1].css

Filesize
55KB

MD5
4adccf70587477c74e2fcd636e4ec895

SHA1
af63034901c98e2d93faa7737f9c8f52e302d88b

SHA256
0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

SHA512
d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2

Filesize
9KB

MD5
df648143c248d3fe9ef881866e5dea56

SHA1
770cae7a298ecfe5cf5db8fe68205cdf9d535a47

SHA256
6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

SHA512
6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2

Filesize
1KB

MD5
52e881a8e8286f6b6a0f98d5f675bb93

SHA1
9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

SHA256
5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

SHA512
45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2

Filesize
14KB

MD5
79c7e3f902d990d3b5e74e43feb5f623

SHA1
44aae0f53f6fc0f1730acbfdf4159684911b8626

SHA256
2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

SHA512
3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWQ8FD3O\api[1].js

Filesize
870B

MD5
a93f07188bee2920004c4937da275d25

SHA1
901cfea09bc88d26a55cf2c57ccdaf45dfaea95a

SHA256
587d5394ddb17dec6f39de2e973431f161a1e08a45d499fe7c7a6333a93904cd

SHA512
16855a943a768355129e31623e5eb7064741d4d07ac2c0fcd21c5742a1b2e2a2c3af38e0f481bd7b8006dc96c408be07b91bbbe28ce7c4f7f0f7d53e427500c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TBH1OE77\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2

Filesize
9KB

MD5
efe937997e08e15b056a3643e2734636

SHA1
d02decbf472a0928b054cc8e4b13684539a913db

SHA256
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

SHA512
721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TBH1OE77\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2

Filesize
15KB

MD5
e3836d1191745d29137bfe16e4e4a2c2

SHA1
4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

SHA256
98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

SHA512
9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
897068464f17087abb616f6b0477d80d

SHA1
bcdbaf5b2622d347013f80f16a5ee98714e26915

SHA256
e24895c78bb9f417a792c478e366a5aef4b50478d205ac36878a58bd72a04ba3

SHA512
3c2c4692c4229befd8e439eb1ea51f61c36a7425661162cb973ad27d531a87a0b1dfc2cc9a5e2cf74f8b83340e0a1c8d37996c208dd4fdd2c6330356218dfe3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_DDBD94486534E9D7296CF30055005EDC

Filesize
472B

MD5
d51645c049cbc840d2475aeeae27fac1

SHA1
652bbbda5c12f70278c2479291554a27e9d74d86

SHA256
e2ac6de462ca32cc74ca175a72818b97af31385edf176381060154313a608c19

SHA512
fc3bdf8be419377103fa02adfbc480da7c7301e2305b22478f922452d8a065d75e6b72e050f37471bcaadeb0b78b6172a0c32dd697ab50a2505bd5be954b2684

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a5413609e594d8853da5a28ababa5e9f

SHA1
2e829e48529e57661d738067db0c3009aceeb54a

SHA256
ff204a08582853eaf0fcbc16896d244ab884a53e8fe5e364362180f1717ccc0d

SHA512
d97b1519de6922ce96b96a1f978773661d5a8d2aff9065e20a98ee8bd35c9f8bc1f426fd57ca1491fc0a7693a2f7e9869d3297cfb249aeb2959d008f76036e35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
df82395ddeee5d5bfb843c5ccadc8e86

SHA1
638002b901e48c169eb42584f3f2bb70aa6f2e03

SHA256
e89f079339eb5166bbfe5318101bdb661ed28ffa5a5157b16c6ad9dd6f125066

SHA512
bf5f5c883adbb0c884ba8bbd3e0b68d97961e7d5803e95aa9e3ae23c7e290a768e4d35649fea1487651ddd201a4de7e3b0937abe2ba03c499df1c6480eeed695

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_DDBD94486534E9D7296CF30055005EDC

Filesize
406B

MD5
366b9c56ce260c73edbaf16be647868c

SHA1
400a64498a1998db26226b86bbef47f17a18f3fd

SHA256
66adec59407db8d1bf44d09cf51d4c11d6127dd30b4ac03a701b83f531e934d9

SHA512
aaaaafbdda18d9a0f9c7c3a3625ef1a52318ad2152337ac8127f52ae4546ac717bfe16a9b86d7a156da3eba863c3bd74fd7e882d457f1a8b7d33598cdb512355

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
ecfca1789c55742c8b5366711692d5f5

SHA1
fc2faff543e7172d93511045df60f84adac1d10d

SHA256
e9c9fd099389bc6447a7250ffe713584bce1acc46c3efa02ee83920c5272b528

SHA512
2be8ee200db12c9c17fb841f999cef7d03ab28332bc75d99f4bfdcbb44086e6870281b6dcde4dad42c099c1e20749e4d53ba580bff98dcfb4cea96388378b2ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
5a14ea15541396b0bd460eb7f712ca26

SHA1
460af38cadf0ff72b88908dda16f93bea27dc319

SHA256
1d1a7a6f6445367da34629a0989ec729fa7be057f7404e7e2fcaa115dabecf95

SHA512
bf5d34a60778bcaddfa435cbb2898741df9371c39d96c40a5f7d5c688d4e99b4b25e606246d14e3534236e642a1494c084e4c5d99fa471d9b6c5092b7a3516b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
650c5168b21cb32ec75a02a7550ed8a2

SHA1
82829cc9a5177259b317c90984ba654a1307daeb

SHA256
f085d7b4036a9239460dc41a44d5ed8790a57ddb7f79168184d17031cf32016a

SHA512
85e78ffa54f47a73ae129081b5bc443f14dee39e2125dc772b68c58db3c731cc46d7549151705b3d9c6c904a9468296fdc2141a98e357c7bfa1c9b30614c2a6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
5d781e3be8e2be46642f89fbb0d24c1d

SHA1
dd4c6e02438781aa52f27e248379de387e4a3c37

SHA256
9bd39bb233e9f6420f14fec9853d51665d64a21e3fb239568c2aa85238ee6e33

SHA512
c3a65e6afe2a1c04ace341311c7005c911417e041b8578ab32275359c3893fd550edef9d98b5e1dec3447f359053adf84bf30aee3efc7523d629e09ec2167217

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
2dcf8f07f4ebf1b2c5f76bd54ef367ac

SHA1
eed3fbf03782b661649d67dc52fa2b097aec2215

SHA256
ea0c4a28117a17736b1673ce707a49eeeaae24a6b8a8abc5e191cf3f4e1a01bb

SHA512
a734e16ea02f46855e8259b7ab0b276dea6f99b73f903e3123ad90a17c0c5a01e923d63664820954e45154c9619af4137058c8fbdd8bac7e7bc201393a32799b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
fd9dec4de8b4ffcd02f11197987d73d8

SHA1
321012f0b3b73e97442b1e4d9b9e67b05b73d437

SHA256
05a06a48e7120bcdc243ec7176462410d592cbe710a95e7146b78feaf857859a

SHA512
8bf30ed2225b13e074fe17f964ed5684e6f83597a1014ab54ed8423a5fe8481e903f0ae762cb94d1445dc0a1a46620fce1eecc4c1adf58b435a3cc7616608730

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
a45c9b6f6940f5ff0d3fcf1440a9db7f

SHA1
30e73b34701643261b1608f4e41b38dfbe5e708b

SHA256
be89fd2dacb33b221c28090d5b1bcb8ae7a05275b42293459e22e402063b48c7

SHA512
b8703c977d5ffca9695a843b5cedb26c6a031a17faca214e2c84b074dcf8a47ab9ad3acc56997fe9e5dfe2e7e453d10986fcd5c0f029052c501d908ccf0aef70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
d90af83daa2ed49c5b809d5400914b6c

SHA1
b8b56829774c3e42e6b0704483fcb1ce5ae86c1f

SHA256
03ee2b9f364e430c11c3f3bbf09815ca7f8ab54ba35f41c65a1923a2cab4649b

SHA512
872218f834f0b73c138dd992c751976fe2458fa2d048726316981874e48d8c3a36e4d70c72f2fe20c4f67f80f8df37cde9f7ee57dfaae58c8c10edff8c3aac82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ksi7ixp\imagestore.dat

Filesize
5KB

MD5
200232f7622e35d22149b42145edc08d

SHA1
e2b4ec9c53ffbfcb3dbf2a93ca606e052e8c7509

SHA256
fce9405f1192f61cf5dce08516f415a5afb5ffc6b76eee961d256079234a7469

SHA512
76ed4940802efaa95ddfd7d500670f6eb2e03f51e4505be3d1a82d9aa34da6dfa9cc8c8e416dd74e2781c2f7a19cb8ef23da90bc14fb54824d765bef805a38d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{4BE62E8E-7ADB-4379-A3B9-0D0AC39195BA}.dat

Filesize
4KB

MD5
3e4622aa8685571e9b61c0a978a83959

SHA1
455fb7be39935d4b87ef312a6852e5ea6c41d2bd

SHA256
f20a9d02fbb602d8fad7a8c9fdeb6672512a390e809b9a3ec745f361b51bd4e1

SHA512
ee97a4f0b24971abf8a2effc3062471f63cbe0fc1d08b17ed101a219fed229699a0843bc35950140c7fd3b366baa016da497f231f78b502348ebd021a2f7ab20

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{7E9C7797-C6C6-420D-ACB8-87CC265657F7}.dat

Filesize
4KB

MD5
affc9d2e950049d015eac7a5d52b5784

SHA1
9a3eb99ec50efee24857517404065bea1c6253ec

SHA256
c43c5fe0ab0cb59773df267f7e81d9e3493e38d36d0edf966dc3062620488cfa

SHA512
d835fc39f221a422295c4df5fb59fe329bd47cd9a229fb41d78b09374c629c75ced033f4bfb3370163f933a8f10fe32980db045f22d330d5d5d36fa9c9d439eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{A6A2068D-02D4-41D4-A067-93B796A9408A}.dat

Filesize
8KB

MD5
76366ea02101e87c1a07453c6a9ef4fd

SHA1
219058c2e5d5daa2fb1335de011fb8bc3668fb1a

SHA256
a32d5f6d8c37e5941ba9bbda1b87cab4639d2c3c5426bf68bbd8595c0edd13de

SHA512
d73ae5f8932f328d9a9bb4b6c130d6214dbb77fc4e368a7ecf6bb2eb5b13875591745c6701f9ac3669514ce78f213282c45d5fe7200fee2b6a0ed1b012ef3506

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E43C991C-CA93-42BC-9561-8582BED2CE82}.dat

Filesize
6KB

MD5
22dff45361e8f2a1186d810c0dd63fc0

SHA1
e3370f016ad772fde9d01eb50c86617d8bafc431

SHA256
0c046c9b8566d0134d01336f3f34179e6255108661353f3c7f2a1d6f0bfca319

SHA512
8a3d963598c0d6db8a18f52bb57647d158ebcde66e230164661085c9246e67af17d482b1f25af3ef26ef7d2c430686844a5f7e6a8db851c6603c8eb34ce13aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
437f353bbcd8a0b2716c72892022a243

SHA1
0b1bbdbce22eccc0772ccd6e9cc1fa9d03c38b63

SHA256
a95c4a1a13dd465ee0258762831162f0cb801e587e11317a3c3c986c7cac2852

SHA512
f18de00ea19df0a3f84e9cf4430c607e5b0c08c310f0c2729f38e0b418f143039311c7a42adc6f0cac85810c0479d3a977534b4f1bcf89ba2f7ddc26d9dd6647

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e6d3e9922458667f13a16a3537fab551

SHA1
3137e69e81f34bbd410b0c37fd23f2576762e0dc

SHA256
27fcb9060dc327f83c6f5f01fbc9d7de1412f61be3837462cac9a1c14f412e7e

SHA512
8ba8ea2f464afaa5fcffb1138bb6863e46eccb90a5207f33507b22c265047ddb932d0cc87d384f39acaedfad6806b7bdba6d3bdf2740b93c89e669f2153cbc13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\1993cde1-a374-40c7-9320-89729d6e9580

Filesize
10KB

MD5
b8933851e286c51077da75a5751bf2d4

SHA1
05bdd57960f695f4f5ec0fb4d5841304ab086f0d

SHA256
83bb0263ce6674fd199bc5bbe543ff7d431b2a608f2bf5684911891469c38493

SHA512
03576be4a29e0d7770272ed3594930e823c758c9174f141fc2ee3fd55478403c31ebd6084cef5f5cb4706fd05162b4c8100dfcc2481819f8db333a37234a6eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\cdaead32-5486-4146-a635-758ff9040a27

Filesize
746B

MD5
47e5f226d9700e9a16ab0b187165e705

SHA1
7b343a0d84872315d3bf066a229f2c80ee6980d0

SHA256
26908a4470ce009dcfa4bfdb3f1a8c81e31a2ac1147a5a5859f3cfeb3ad04040

SHA512
c33412f00992b4f42bafeb38ca0467eb3ac4f25e615d3bc71c05037db38bf1284f17fc4fd58be1920d02784e79c73d7889f74363b0038b0db297b4383d29dd80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\downloads.json.tmp

Filesize
937B

MD5
5f30e691faaa57ac61ab6e118808d3b0

SHA1
f90ecfa54d208ad2b39c3c621dc691a019641e7a

SHA256
a793a0454cf85146fd59d0847e295fff6be66d0cbc6e08d458a4e8e0ed6261c2

SHA512
54423963480359caae43e0ea9cb12607d984500fc5d9d783da2b2f87d47878d0079602feef717dfe01c869196a8e03c752b3603931c2bbcf45f17fff57947617

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
9547f135db478611d3f52fa920ca24cb

SHA1
e157ad1bc94d771433fb1b41f0c063dbea8e2fc3

SHA256
da2915d5f9a2be1d2b3463ffa23390ad98207ae698c1b051bf0575a7cfdec430

SHA512
eec5975aedc9e879a34ecea5844aab02994f054a2d90dd218cd0f01316535f2dbfe77c09c857f0132351f086d97742614b38030c5d0ab5e7e014416259eb1255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
6dad266a17180bd51fb95ea10b8ab45b

SHA1
70ca6c2294eb40bb2d8b307e6a04cdac903acad6

SHA256
5e9f3c903afd241e1215ac38429593455e84e3e0c1007230df3cd7208f14ca4e

SHA512
f8bedb7971dd3ee53d55e5cf540eb4faaa25fe50d1dcc4bdf74a940121e502c5c2ffdd566cccb15ad5ced8a43491c13831ced2b1ea3488b80f5222e0b23a3a16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
2fad2f15fac3b99ae08e9345eb6b8c6e

SHA1
3a2119e35829abe05618bc7e155799cecd1de3ae

SHA256
aeaa2d0544a0493101077959140d8b568f847daa21314281210e6fc4a1bf4c0b

SHA512
a2e1e83efca48d84f71694f95306a6915265d79cde5fd6c2f27da470482e9615ec7cb7aa9c7ff1a941fbee604263e774ddae8b9d3225b3b73d1ba0a0af95b257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
7f37a392edd9e8b55e1254b3133064fb

SHA1
9d75b420a7026de11381e845e98825362978a0e2

SHA256
e6b45d19d2b026462a79479a641bd1b2415a44fd4e481f4a1020c0abb3ecf438

SHA512
ad27ca2e94f645de994885a24599fb7fd4012cddceeee44ec5751875061f46c0b475a5208a13ab4e5121419fb599789499200e8d86eb63cbe5a03cd1ea61d8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
4a53f632d77db5e2f202d6c928900110

SHA1
1e9f6bfa90d387bf05aae1ffa3f9269fb7d21e6b

SHA256
4319a4306fd522ae34a13f55cca0f1ca7f2dea396b5fdfefce7adc355e246ac4

SHA512
6b87c6c8344a752bc3554e18c15534c2ccde35741e469f9445643c893301ebe4015624ca1b61d12e1c82286de66b653fc732e2ed99ad3c7264b7f16da8e0a36d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\serviceworker.txt

Filesize
363B

MD5
d195d38573c30f4e29e6aa8368cc9e73

SHA1
79025d992411fbed1cfe267de7fb8ab683e21919

SHA256
cb7454adbbb0d8920dfac1b67c2cbce6f38fc070e2ee32f4950f2d7c12495841

SHA512
f2bc56b5f25ae7b7e4d3a2e999d3568c3e1ca5b1cdec3cd51c602e2e3b1e94648740c6eccbebc0eeb41dcfdef7b2e9cdb7fb0ae06f64c5fdbb4d053ad9ddc7d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
c7845244212a61334aec059243d3dc46

SHA1
0ef946b7e56e560898d5b8f9875b5ee64aa0d2ce

SHA256
45e873a5291ab4862fe2d87732a9c5b1788b754c7a76cd18a390b66ecf631155

SHA512
83a20623599b52a28ac8231a48e2435cd91bad705214cb376f7acbaa4a5c01c033f0a676bd4162e7ce2cebea6dc734c9b698028659e8b21823d5cd6eaa067b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
f87e2ba05be1deb81c6867495888d7bd

SHA1
ca8b3a33e27637d84d33da9d3eff18279f2aabbb

SHA256
b290d6b0643c0de7123ca68f9270d3ced645eb2fe1dfbbbf0db5f8021f39e9cd

SHA512
2b2517d9099ff48b71e5acef45a556809ceb3e959cc4fc76cf570d480beea72930fdeb96847caf686ce2fb023e0a940d72b162d2e60f783460f1451aff892b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
4c91f8ea31c0cf8863af377ee8bc3a07

SHA1
6c2463ab8e3e5ff3c669a019171bac8b6a93f1b4

SHA256
ff3fb4f23c80cc1d8d50a734ae55eab594da59c4a9b6a5ef357df81b1c04300a

SHA512
156593f41a24142c7c853234e758e5c4ae85c1a6184b0932cc00fe7b65fb9c31a97ae0927f0c71c01ef87c8f7c0f932c9c7a7134d115dd83c62080afed7aa5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
987B

MD5
d716d6e2cfb5b689fc622030482d7953

SHA1
e2380e7d569315a7a6087ab63068cabb1a38d253

SHA256
f8e4b56e30a617591582e5a8e9831b2b5a9ac71da415d7028597dc10a5d2e9fe

SHA512
7fa43336013442e8e5e71c046869ebc87014a526f31de61f2a7989c57ab5e7183cf11e34090fe08d7f6eca3da3ef5b5a05f3737594b56b8e271dbecebb8ab029

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
a4f24c00a6387235d345712f96d28189

SHA1
6ee7559a9f4606a91b2568df90a3bdbf8c5cdd11

SHA256
d5f33361c17c4f278cba254d5c7f30f5bafd37e14fa2d87a7bcd8d45a2d948e1

SHA512
31988bde5b74fe06fbe215291186967eaac3ca46aaa41f4dd9ee50573721df32011d54a0f332f77cd64a461985b2a3710a2b14e6c102870286b82c6f614436ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
689ccc91fd3ee1b0a9db90580b737fe4

SHA1
dd63b6e714aa3ad19c479c7a86e91315f3890ae0

SHA256
4e864d082cb8e28917209803fa1ae0acccb614d7970384b306b16958f6106607

SHA512
d8dc2a9d371d1a428a2c21c9bee3af2b6625fddebb8671014241945674eca7420ffe293b32aa776c9239c386d5701f6854ca984b73e39ba45489ad857deefe69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
e5211e7435f6176f1e0cfa5a149440d1

SHA1
3b746972cd1bd5fd6c0332792c439f8242a103d9

SHA256
13f73cd2e39f85df0f1ae5adf32b60b146914ab778f28f2203b7150d6f0fa08c

SHA512
8093665a1b3cfe2b6c5f59ca5c464206dc2bb48f99f22e6992e0b751642b795d89ae5d8213877cb2eedb9f47c8f942b55224a79ea4b756d09b71c6a2d63dfde3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e92fc7cb21403a68dc0fd119285d8e6d

SHA1
63ed09125933512a25e7382c4b66068b24910693

SHA256
be6ff651e3cb5493a487351ba74540fc3aebff55c872ed7558b861439e0d070d

SHA512
160a019175b42fd6cee5fbbdc62f5d828fdd08dd4053ad28d2fc89e568a35b37d1e0b24f5a59ad665be95f9ee1337a93627dd469647769ab0065b233ef203477

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
9c0feb52d57086cef9f85c985fa7e065

SHA1
8262b42dffa6bf098b704bf3651189ef69a17de7

SHA256
64deaa9a79bb8f26be92afef4b5491a394e6db67d3f2f766289c0da86d23b134

SHA512
474a30a3c187cd3a976fa99ac24ea9e33dffbedab763291df97e8b83c64b65abcfe3226aeb9eb7a52a4957d7f9a18971115925a3112c44bca6f4cbba51dde227

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
55bf3b420dad410c0668e678c226db8c

SHA1
f1b569c9a68a3addc2edcac4f00ed9757bcf2041

SHA256
f193ea3f7bfe62829a0968ca8cfdec5d6351ee901b297b945cbac5f70efe34eb

SHA512
31139770993690b57ae93b17bb4a5e758ec769c53c52adb95f3c80a95effb212ecd8a105928c8eae0951b68c1cb52327fbe717450a1964b7195ee7eec379f697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
b2f79a2de7a3722cc3314e81c13bf91f

SHA1
0fa5e5f3a6ab19c2b29cb0e853ce07b6892e6eca

SHA256
a9d789c7eeaf43790c46ee359339e968607e698a6ff3e8d091664f38e1c7e9c6

SHA512
b1558456974519c1b4ac8779a18222cca4da617582156480156d31a421edc315004315466e7137d620dc46415871c95213db37845c0e795c25d171515bd24e26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
4b5b5657375a12358e98e1ecb66aca6b

SHA1
28dc0961d4405b0971d561c0cfa92a4561fdbd2d

SHA256
e10091a7c55445db5eee4acb619329261ab6227a63c4895f1c882d83c2a20c36

SHA512
f1dcd59d554a7d99a2493fc5e1af392bf61a4af77bf7d9bd908df6c80710d7a3cd8ec40afb114b74293544f9a5beeeebecded2f57d364e2f68f0a4306511ac4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
4b63f020e7160d6ccd0bde91e6b4bb14

SHA1
52a6d7a6bb62646b7f38579d204df2d10b8c3ac1

SHA256
537a5206c826fd6529ee8abf860225b35e95dcc9419e5fb0bd3fe71b083eef23

SHA512
c71a572daa5f11e96ae294b639620cfd5180f4333b6961b8fbc811bd93af7fbc8a3f701e252b2b9b193f85574353cebcdb064468fbf5396dc0b08b36c32c1a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9243407e7e5ba1d80a772df4e077ea0e

SHA1
27464520a11b5efe7424130b3c00c987a85d55b0

SHA256
5e25ea68c6f9677b0e984294198232cf5ae731a8e9b48de265790f384ec763cf

SHA512
e01ef7bc1485b10677606776e420fb0dc5cb3f677bdec9e2ca28f0d4b8d8b3258b600b4b630a9b39944fde85b446ca1c711db4d6e09aba95fb575a9812fd356f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a92668211db695b3424cb7009889c638

SHA1
b84be35dc0fb0d6073f41283f3fef49d174790c0

SHA256
a3db54cae19ac2f9be13256e33abcbf0c75f94d41bfe222dab03c09e1543fddd

SHA512
dccfc5303fafabe9c07cb45bfcc89630261b2f741e9194e986fbf726092924d64b818c454cc8985be5c4b743097ee46e2870d297214228bc1e4de532cc864b38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
810faf1409d28746a10e779becb091c9

SHA1
9a142bb6d4dcc41b3d514188e1ead47b3964515e

SHA256
4e877178286378554e880e45d1a480a6efe83f936e0048bc8d90dad0daab84d5

SHA512
c2ac6cb79d31b2807c1171821a6ad6d9b998cfd77d89753cd80bbf6b76c4c5e4b75da272ff88735f26f3119a5315031963a298d7b415abd6b57e83c0c0c86b18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0ec7ea0306ac5676a555aa30f5cffab0

SHA1
871f4858cc5299c3910e134e37015faeb1f19037

SHA256
b2f3e46db41affeecde90aff8c9ecb4ebb89986820010c41c2b3fc0f5f271711

SHA512
1941881bf5e81e4f8f2131293d273b6addcde9173ce46f6c844b6e4cb605bd10be52252f0ae2573e394fef46a7b0f6afe35b532d0da657a271d1bd09ddcbfd19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
70a4eb097ffc9688a84be01de4e09653

SHA1
1ad204b72603e58c18148d8426f685b08a25d73f

SHA256
6dfa538e4ad0e27f2effe1bb56fdcea8bb3e7507cbaf679a00be9c4c89d299eb

SHA512
48d7cfa8f61dba5bdb331cf545e244106c3b1cea7d8cb531e0a8bad6cb298c571ac87925021f9213e8d690deab1681ef753405110321635fa0bb556e7837d100

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
737511a8713f255219d93177fa64e8be

SHA1
8b999e6d953c149df00b6a7c021215800e487a4a

SHA256
f82daa1405d4a74fb8ee023f963f005f7db0620e7ec839b16c120a0072d706d5

SHA512
67043b86d755db51d07aebe1ab3de025c66d8b415d941f1dd5899aa66a49ecf857995828ff233ef2fec9559827f6ffcee2aaf3106117da42b342b4f84eefdd8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
9cc5c849c9f9cd510d0ac57da5fa6c1e

SHA1
517f5ad9ffbfe853f13bb597ff2582d05e0c28fe

SHA256
c787d531be95e189f658a5ececc9f9a1eb487aba4d01f67ea70bbac4708b1862

SHA512
738ef5b98eca7a232d86a4c5f82b0ae5536f1af3026d2c9ed58f241d95a22f470e71c5c700c46d18a1d7797a82053913222f3c139973ed73383ac3825556089a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
2d91f1af844f29b6b1de0462ab65c351

SHA1
0534431d4c31ce9bc032d89010db7603a64d9843

SHA256
a1b079669af45e6d15335f4f753062a40d812103e327a509552f005a2883768b

SHA512
fa4b061cd9d9f7094307bf840b7ca93c58aad2e54db82b97f651ff4d5075aad4e3e56c6cc281dd5773f2e5ff24b1db425f3416dac53c75911a5c5a20ea4cac90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
96b01859be210a6df0df79f57df23d6b

SHA1
edd9455955368799384ed59c3b8b3103daf13cd5

SHA256
de09365da8d74316a715e8e6b534cc2c3209e5885ec02e494a46ed6c976e6499

SHA512
f7efe55d00cd035e431abc303173b6879c27ceff76a6809dc6c595f4b70af13d152002ef52ee6f43852968323c0fdb0769d82c0742c236417e9631cf14120919

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
f85b6403e39f1961ec0bc44ce35c8bc6

SHA1
96f6c07ffd97a210f252143917664a328d93d158

SHA256
dbfc80bcb3c9e8e64e38a61ffb978046f904c72e4dbcfb4d1aa87c2d141b9fa2

SHA512
5eb0b5409397d5e012a6ed944753ca69ae44a6e488dc7fed8e9423e3e56e6498d603d822ae48d23d194a39a0bdec9c27848e6ffcae69a9de53e28088b2d09478

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
3300257d1692a336feb83f05b01c3be9

SHA1
ba9a372221295401657063aa532d460c4b6ea494

SHA256
2593311fb72191cb808b09824ca21fa49571873bb6f697b0d676cb1b8335d09f

SHA512
a72a9a5d7ace80e4793e4b588269fa6961304fbfefe7eae05ead80977332e3a205b3e8e82a0af014751b44fd0ba6b721f2524da6526808b97c65be1563de6688

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
0eeee30935ea81d485b982e956c023ef

SHA1
70e9dbcc85886b6714b17e11b56e014055978587

SHA256
094c52dcb72e07b38555113d744b74c8179c9a64c005c9f952679e60f68d8d6f

SHA512
6182cb0689a6696ff2aa631ac0b491067d443602f9884b997e1ce7c00422015017036cf77aa6ac1c9b8a493bdffffcd1323b12972d7ff4621532ceb2adc22319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

Filesize
23KB

MD5
5d394a666701735bb20c30a2d1647586

SHA1
5b9effb8d778ebb142d9895ba1b5925282c6cabe

SHA256
779f9062825f84a04eb162e8bd5c317e3e28e25758e6f1dbaff3ba34e0ea1b16

SHA512
111f76812f00b3f3d56aa40e44d4577f10e5ae75c798600629e48da51b38564386aa3d9c1f7d676c000749f7d4b20a46698239700a150ba2dae67ab9d2e8b604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++bmyag.dwhitdoedsrag.org\cache\morgue\106\{2c945f3e-ce83-40e6-a0f6-bd564f71b46a}.final

Filesize
19KB

MD5
47cd5467639bfe24b1619c3b7734b8d2

SHA1
f4a1a030530684da3d03f2dd7968338bbcfd3646

SHA256
ffd7b0aeae1f8306227b79cdda1717fb98e01478ba7ab4cba508b737486ee273

SHA512
02d4a29255cc82c963b10d898df79b90c8f94c929b02a8481781fc807337aaaa514e28cab2e7d6ff8c302c16d0a710343fa131fbfda43379c0fa20d239d61596

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++bmyag.dwhitdoedsrag.org\idb\2728594770keeryovtasl-.sqlite

Filesize
48KB

MD5
d09ad5762ba3c421b1f9ca24a78d2b47

SHA1
12d62e83e3e9fa6661ef107d880a7d372c4e9d77

SHA256
2c4b311b9124107e8bb1aec6b82151830c0061aa309bfa0cb6acedeb67929f73

SHA512
462e4480a74a2e8389b559b063c5a104324603f2eee957866aa9b381f8fc02f6b0cb9229d967c083ec84a5c9045b9f913bb3c0e6c7b44d8b499c2b8ad50ebdbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++uploadhaven.com\cache\morgue\11\{64c867c4-52c6-4de7-90f8-076660bb8d0b}.final

Filesize
44KB

MD5
7cb947b2600a10b9c25acefe29b67965

SHA1
2f622219a1df7bf60a26a58a34085202c375afc9

SHA256
71f8698b23db46414f2edeaa950c94cbfe3dbe3eb6b758819d53fd31a7918270

SHA512
3b4c643052fe2a76ada40c1294895b01da3848ccbc6aba33d53d204be08ba2a570c99d809a885c770ad83a1826cbdcb91c3e3a5980a4dd6407956f501cf66c73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.reddit.com\cache\morgue\96\{5d9e184c-9e8b-422e-81ae-044d9b94fa60}.final

Filesize
2KB

MD5
d106e9d73e807ce0916ac3fa51d1461b

SHA1
a1138b90f539ebe70efe33fa35f96f237fc2c059

SHA256
1ddaf57a54e90c2f53b0f3479651a124f56d1ea3ade097cd0bfa0157de62f942

SHA512
28a0a450cb47d9dbdc743a5ff5e472ace7ffcdac7644d155378e9a848563b58061110f7fd1e2006c4baf1229efc138f6f3ddda847f1191557765529a8e3517ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\12\{37e9d5b8-d729-41e0-9e3f-68b6d0b7930c}.final

Filesize
4KB

MD5
36cb39e9dc946e4b2b662626ed2fafa4

SHA1
c47a08207034718bb83cda458b8066b447513dc2

SHA256
b2c941da054ee74636f663db7bc5b0a7decbfc37c4a6686658778cf4e5c7c235

SHA512
a3b425292e4360bbbd71b652166868ba7632913b39d89b609e3f461c6c77d765c8e9445fac84eb8f3efa7b963ab2ef57e399e918045635fdeb5c5abc8fdf0682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\173\{94a16ae2-f8cb-4fcf-89b6-75cc4aad23ad}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\29\{8058327a-2961-4946-b7f3-4bcce4e1391d}.final

Filesize
78KB

MD5
dbb60e0bdbe732f96cbcc4231882a525

SHA1
0dd3a292c363e36b49308f752853653c2ef90c63

SHA256
5896fe22baa869ecb6bc5b41b586e7d44502a0683aa4af514a99f32077ba90f7

SHA512
9306159f9c73afae946860984315bd9ee976b864412411039c261d8e298102dd56010217b67301bb71e73e35332d55240ea8a19b5478ffb008b4aa0da1fd8779

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\ls\usage

Filesize
12B

MD5
a4b57866747aa8bc0828ccb259689903

SHA1
b77c045f5580c81a6cd07a5e5d2271064aa52233

SHA256
395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88

SHA512
f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0ed2663971e8051b2bcb574926400fa8

SHA1
467756bf41c377bdb07c8be10d5391f1df1d80a7

SHA256
0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

SHA512
e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
e34232449ba45aa9ba40ed1717e342d2

SHA1
7d8ac8ac389f4871572dd9c6d43ae8f4d87e40dc

SHA256
da7365d5a59a6269cae3489c2d3dc8497ce32ee1b392486e163db5838304d01a

SHA512
265f1d5cf4584af4fb1c52520851cdf5d2db5c0fd63f879d7181f01ebfb07a2e9c7f2e53d756940434b7b83cdf5ad7adcd523eb20bbb1b9186ae973eff74df65

Download Submit
C:\Users\Admin\Downloads\Furry.hY3KyaTm.Shades.of.Gay.Uncensored.zip.part

Filesize
31KB

MD5
869c9c1533c9811d70683a58f74dd96b

SHA1
0ed5489315e9c0a24d3bcfc977a998084b60ed43

SHA256
9aa7db837e0df7ae9b34e567cee407c8eb7c74e1dc3d602e659e8e080c9506f2

SHA512
780e0c62935889a0718e15a8120b4a6523ff9bec96c232fefa562c521180b97ae2a3177270ba31cba82bbb2fcdb35fad28a3df674bee43baa7b341bec08ea9f0

Download Submit
C:\Users\Admin\Downloads\MEMZ.NE86v4Ai.exe.part

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\wIDzcPN5.zip.part

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/520-52-0x0000015205230000-0x0000015205330000-memory.dmp

Filesize
1024KB

Download
memory/520-66-0x00000152160E0000-0x00000152160E2000-memory.dmp

Filesize
8KB

Download
memory/520-51-0x0000015205230000-0x0000015205330000-memory.dmp

Filesize
1024KB

Download
memory/520-55-0x0000015204DD0000-0x0000015204DF0000-memory.dmp

Filesize
128KB

Download
memory/520-56-0x0000015215E90000-0x0000015215E92000-memory.dmp

Filesize
8KB

Download
memory/520-60-0x0000015215EE0000-0x0000015215EE2000-memory.dmp

Filesize
8KB

Download
memory/520-64-0x00000152160C0000-0x00000152160C2000-memory.dmp

Filesize
8KB

Download
memory/520-58-0x0000015215EB0000-0x0000015215EB2000-memory.dmp

Filesize
8KB

Download
memory/520-62-0x0000015216000000-0x0000015216002000-memory.dmp

Filesize
8KB

Download
memory/4564-46-0x0000028114EB0000-0x0000028114FB0000-memory.dmp

Filesize
1024KB

Download
memory/4896-92-0x0000025EF1060000-0x0000025EF1061000-memory.dmp

Filesize
4KB

Download
memory/4896-85-0x0000025EF1270000-0x0000025EF1272000-memory.dmp

Filesize
8KB

Download
memory/4896-16-0x0000025EECF20000-0x0000025EECF30000-memory.dmp

Filesize
64KB

Download
memory/4896-88-0x0000025EF1130000-0x0000025EF1131000-memory.dmp

Filesize
4KB

Download
memory/4896-35-0x0000025EF1100000-0x0000025EF1102000-memory.dmp

Filesize
8KB

Download
memory/4896-0-0x0000025EECE20000-0x0000025EECE30000-memory.dmp

Filesize
64KB

Download